A few more tidbits... My winbind logs have this complaint for each of the domain local groups: [2008/07/11 14:40:00, 1] nsswitch/winbindd_group.c:fill_grent_mem(365) could not lookup membership for group sid <munged-sid> in domain DOMAIN (error: NT_STATUS_NO_SUCH_GROUP) [2008/07/11 14:40:00, 0] nsswitch/winbindd_group.c:winbindd_getgrent(1110) could not lookup domain group dnsadmins
wbinfo doesn't have any difficulty with converting name -> SID -> gid -> SID, but if I run wbinfo -r on a user that's a member of one of the groups, that group doesn't show up. So, at the moment, it appears that winbind just can't grab membership for these domain local groups. I found this reported a few other places on the 'net, but it doesn't seem that a resolution has ever been reached. -HKS On Fri, Jul 11, 2008 at 1:13 PM, (private) HKS <[EMAIL PROTECTED]> wrote: > Any ideas? > -HKS > > On Mon, Jul 7, 2008 at 5:01 PM, (private) HKS <[EMAIL PROTECTED]> wrote: >> Hello all. >> >> I'm relatively new to Samba, and haven't been able to track down a >> solution to this particular problem. >> >> I use Samba/Winbind to authenticate FreeBSD machines against a >> Windows 2003 Active Directory. That all works fine. The problem is >> that groups in the AD of type "Security Group - Domain Local" are >> causing winbindd a lot of grief. Every time the winbindd daemon is >> accessed, it spews syslog messages like these for every Domain >> Local group in the AD: >> >> -------------------- >> Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] >> nsswitch/winbindd_group.c:winbindd_getgrent(1110) >> Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain >> group dhcp users >> Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] >> nsswitch/winbindd_group.c:winbindd_getgrent(1110) >> Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain >> group dhcp administrators >> Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] >> nsswitch/winbindd_group.c:winbindd_getgrent(1110) >> Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain >> group dnsadmins >> Jul 7 16:36:15 testbox winbindd[50492]: [2008/07/07 16:36:15, 0] >> nsswitch/winbindd_group.c:winbindd_getgrent(1110) >> Jul 7 16:36:15 testbox winbindd[50492]: could not lookup domain >> group debugger users >> --------------------- >> >> All non-local groups show up just fine in the BSD system. Local >> groups do not show up in a getent group. >> >> All groups, including the local ones, show up when I run wbinfo -g. >> Running wbinfo -n <localgroup> comes back with a SID: >> $ wbinfo -n dnsadmins >> <munged-SID> Local Group (4) >> >> This SID is trackable back to a gid: >> $ sudo wbinfo --sid-to-gid <munged-SID> >> 11105 >> >> Why, then, are these groups not actually getting populated? Can anyone >> shed some light on this? >> >> -HKS >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
